Error: The MAC is invalid


#1

I was trying to enable forever sessions and now I cannot log in a user session, instead it gives me the error:

“The MAC is invalid.”

And I have no idea what this means?


#2

@greywire this is fixed in the most recent version, see the release notes here. I’ll do my best to explain. It seems when Bitnami built these packages they did the initial setup of the instance with one app_key, which was then cached. But then a different app_key was written to the .env file. This key is required for all two way hashing (such as service usernames and password that are stored in the system database.) In order for the the system to be able to lookup the username and password of your external sql database (for example) it has to have the key.
Best practices have us clearing the cache everytime we make changes to .env file or update code, so now the correct cached key has been deleted, and the one that is in the .env file is not usable for retrieving hashed data values. This causes the admin app to start behaving erratically.

To fix this you would need to delete any hashed passwords or user lookups associated with your services or you can simply move to the fix version mentioned in the release notes.


#3

So are you saying I need to go into each user and manually reset the password?


#4

@greywire Let me clarify, you will need to set service usernames, passwords and lookups to NULL or delete from the database to get things working normally again. After doing this we would encourage you to update to the latest DF version which resolves this. Again, this isn’t an issue with DreamFactory but the packaging.


#6

I tried the update process (which I’ve done before) but I seem to have totally messed up my system. So I spun up a new VM with the latest bitnami package and copied over the databases. Its partially working… my apps and users are there but the permissions on the roles are not, and my services are not. I ran the scripts to clear caches and migrate (http://wiki.dreamfactory.com/DreamFactory/Installation#Upgrade) but no luck. Not sure what to do…


#7

I have the same issue, even using the current repository version. Which database stores the user name and password? I have dropped dreamfactory database in mysql and it makes no difference.


#8

I think I figure out part of the reason, it’s stored in the user table of your database. If you just want play without the need of recovering your previous dremfactory, you could edit your .env and pointing to
a different database and run

php artisan cache:clear
php artisan dreamfactory:setup

It should get you a working version of dreamfactory


#9

Just to clarify, the issue is not with user passwords.
It’s with service credentials, and lookups.
These values are encrypted using your .env’s app key as the key. If this key changes, the system can’t read the credentials stored in the db, and it locks up.
Go into the tables for your SERVICES (not users) and set the credentials all to NULL.) You will need to know the actual credentials so that you can set them correctly in the admin app once everything is back up and running.
Do the same thing for lookups. Those values are also encrypted.